International Corporate Compliance, Fourth Edition
Every discipline coins its own special terms, acronyms, other abbreviations and jargon. Data privacy law is no different in this respect. In the interest of serving as a quick reference and easy read, this Field Guide minimizes the use of jargon and abbreviations and employs everyday language whenever practical. But, seven key terms are used throughout the guide, because you have to know them. These terms are omnipresent in data privacy literature and hard to avoid:
|Personal Data||Information that relates to an individual person who can be identified, including identifying information (name, passport number, etc.) and any other data (e.g., photos, phone numbers, etc.). European data protection laws tend to cover all personal data, but many U.S.-style data privacy laws are more limited and focused on particularly sensitive data categories (e.g., health information)||0.06|
|Processing||Any activity relating to data, including collection, storage, alteration, disclosure and destruction||0.07|
|Data Subject||The individual person to whom data relates||0.08|
|Data Controller||A company that determines the purposes and means of the data processing, e.g., an employer with respect to employee data||0.09|
|Data Processor||A company that processes personal data on behalf of a data controller, e.g., an accountant or payroll service provider that assists an employer||0.10|
|Transfer||Transmitting data to, or making data available for access by, another organization or in another country, e.g., via remote Internet access||0.11|
|Data Privacy Law||Laws intended to protect an individual data subject’s ability to control information about him or herself, including European-style data protection laws (regulating any processing of any personal data) and common law privacy laws (protecting reasonable expectations of being left alone by other individuals, organizations and governments)||0.12|
More detailed definitions follow in the next Section on ‘Key Concepts’. Abbreviations are defined at the end of the book.
A few other key terms should perhaps be used more sparingly and carefully. Information technologists and marketers tend to be so excited about ‘the cloud’ and ‘big data’ that they overuse these labels, extend their meaning to products on the periphery and overlook all negative connotations. When software-as-a-service providers and users talk about ‘the cloud’, they think about dynamic usage of computing capacity, cost savings, follow-the-sun support, connectivity, mobility and other benefits. The term ‘cloud’ originates from the symbol that designers of technical charts use to refer to the Internet, a global net of servers, cables, satellite connections, routers, switches and other telecommunication equipment. In Silicon Valley, where most major ‘cloud’ providers are headquartered, the term ‘cloud’ comes with positive associations, given the fact that California notoriously suffers from lack of rain. When data protection officers and politicians in Europe, where it rains too much, hear ‘the cloud’, however, they seem to think about bad visibility into where data resides and who has access to it. Similarly, when researchers get excited about opportunities concerning ‘big data’, they seem to forget the relatively low public preference for big government, big business, banks too big to fail, etc. If you are trying to sell services, features and opportunities, be mindful of your audience before resorting to these buzzwords.